Agenda item

To receive the update of the Strategic Risk Register.

 The Committee received a report which covered the update of the Strategic Risk Register in its proposed new format, which was still at an embryonic stage and included risk and risk appetite scores that were still subject to review.

The format of the Risk Register had not been updated for some time. Following the debate at Governance and Audit Committee in January 2017, the Head of Audit and Risk Management had undertaken research into different risk register formats and different ways of recording risks. CMT had approved the new approach which was still a work in process.

The new register consisted of a one page summary for each risk. It included risk ratings for unmitigated risk, current residual risk and the risk appetite and tracked all three of these ratings over a number of quarters in order to present the history and trends of the risk. The register also included a RAG status for each risk, an overview of the current actions being under taken and details of further mitigation of what more should be done in order to reduce the risk rating down to the risk appetite level.

As a result of Members’ comments and questions, the following points were made:

• The format of the new risk register was a significant improvement from the old register and enhanced the displaying of the risk information. It was clearer and a helpful and much needed step forward.
• Risk 2 was not yet a trend, nor yet a massive cause for concern as the rating had only increase for one quarter. The issue was that as there were so many complex transformation programmes ongoing at the same time there was a risk of disconnect across the programme, which needed to be managed by the Transformation Board.
• Where the level of risk matched the risk appetite for two or more quarters consideration would be given to removing them from the Strategic Risk Register. The removal of the risk would be discussed with CMT and the Risk Management Group. The Head of Audit and Risk Management stated that careful consideration wouold be needed before removing some of the risks from the strategic risk register, such as they cyber risk, given the recent national cyber attacks.
• Risk 12 was a difficult risk to manage as many of the factors were out of the control of the council, but there would be a significant, negative impact on the Council’s reputation if an incident were to occur. The risk would probably never reach the appetite level.
• The OFSTED report would be released in a few weeks time and would help inform the rating and mitigations for risk 12. 
• The risk which had been removed relating to the loss of key staff wasn’t just in relation to staff leaving the organisation or retiring. It was related to the loss of staff in key positions and at key levels and the way the organisation had to operate and keep moving forward often without replacing the staff. This was a risk that could be managed as the Council had to accept the likelihood of losing staff members at this time of change.
• An example of staff change was CMT which had been very stable for some time but had changed by 50% over the last year.  It was felt that the transition had been managed very well.
• Risks that were removed from the Strategic Risk Register would continue to be monitored through Directorate Risk Registers or Programme Risk Registers, if they were flagged as a concern they would be brought back onto the Corporate Risk Register.
• The cause for the change in risk ratings would be picked up in the rationale for the risk.
• The new register was much better for reporting as it read like a dashboard.
•  Risks were identified through departmental risk registers, if there were concerns these were flagged and monitored by the Risk Management Group and CMT, who would debate and challenge the risks. CMT would share current developments, challenges and highlight issues at their weekly CMT meeting.
• The Director Children, Young People and Learning was keeping a close eye on Risk 9 due to the rise in demand to determine whether this was temporary blip or a more permanent issue.

RESOLVED that:

1. the Committee provide feedback on the new format and completeness of risks and scores in the re-formatted Strategic Risk Register attached at Appendices 1 including risk appetite.

2. the Committee provide feedback on the proposal to remove risks that have been mitigated down to the risk appetite level for two or more consecutive quarters.